F9: gam_server

Adam Huffman adam.huffman at gmail.com
Mon Jul 21 11:42:42 UTC 2008 

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dan Thurman wrote:
>   
>> Again, more issues. Suggested fix?
>> ============================
>> Summary:
>>
>> SELinux is preventing gam_server (gamin_t) "dac_override" to <Unknown>
>> (gamin_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by gam_server. It is not expected that this
>> access is required by gam_server and this access may signal an intrusion
>> attempt. It is also possible that the specific version or configuration
>> of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> You can generate a local policy module to allow this access - see FAQ
>> (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can
>> disable
>> SELinux protection altogether. Disabling SELinux protection is not
>> recommended.
>> Please file a bug report
>> (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
>> against this package.
>>
>> Additional Information:
>>
>> Source Context                system_u:system_r:gamin_t:s0
>> Target Context                system_u:system_r:gamin_t:s0
>> Target Objects                None [ capability ]
>> Source                        gam_server
>> Source Path                   /usr/libexec/gam_server
>> Port                          <Unknown>
>> Host                          bronze.cdkkt.com
>> Source RPM Packages           gamin-0.1.9-5.fc9
>> Target RPM Packages           Policy RPM                   
>> selinux-policy-3.3.1-74.fc9
>> Selinux Enabled               True
>> Policy Type                   targeted
>> MLS Enabled                   True
>> Enforcing Mode                Enforcing
>> Plugin Name                   catchall
>> Host Name                     bronze.cdkkt.com
>> Platform                      Linux bronze.cdkkt.com
>> 2.6.25.9-76.fc9.i686 #1 SMP
>>                              Fri Jun 27 16:14:35 EDT 2008 i686 i686
>> Alert Count                   20
>> First Seen                    Thu 10 Jul 2008 10:35:43 AM PDT
>> Last Seen                     Thu 10 Jul 2008 11:11:40 AM PDT
>> Local ID                      5eb1bf77-5c10-4071-9892-bac42ca11adb
>> Line Numbers                 
>> Raw Audit Messages           
>> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: 
>> denied  { dac_override } for  pid=11637 comm="gam_server" capability=1
>> scontext=system_u:system_r:gamin_t:s0
>> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>>
>> host=bronze.cdkkt.com type=AVC msg=audit(1215713500.169:272): avc: 
>> denied  { dac_read_search } for  pid=11637 comm="gam_server"
>> capability=2 scontext=system_u:system_r:gamin_t:s0
>> tcontext=system_u:system_r:gamin_t:s0 tclass=capability
>>
>> host=bronze.cdkkt.com type=SYSCALL msg=audit(1215713500.169:272):
>> arch=40000003 syscall=33 success=no exit=-13 a0=96ca580 a1=0 a2=4b9264
>> a3=10 items=0 ppid=1 pid=11637 auid=4294967295 uid=0 gid=0 euid=0 suid=0
>> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
>> comm="gam_server" exe="/usr/libexec/gam_server"
>> subj=system_u:system_r:gamin_t:s0 key=(null)
>>
>>
>> -- 
>> fedora-selinux-list mailing list
>> fedora-selinux-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>>     
> This is a bad domain and will be fixed in the next update.  For now it
> is probably best to just relabel the gamin_exec_t to bin_t and stop the
> transition.
>
>   

After updating today I'm seeing thousands of these, to the extent that I 
had to stop the setroubleshoot service:

Source RPM Packages           gamin-0.1.9-5.fc9
Target RPM Packages          
Policy RPM                    selinux-policy-3.3.1-78.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file

                              2.6.25.10-86.fc9.x86_64 #1 SMP Mon Jul 7 
20:23:46
                              EDT 2008 x86_64 x86_64
Alert Count                   2565
First Seen                    Mon 21 Jul 2008 12:32:35 BST
Last Seen                     Mon 21 Jul 2008 12:38:10 BST
Local ID                      6ec7acfe-2373-4bb0-b598-ed8c37265ac9
Line Numbers                 

Raw Audit Messages           

 type=AVC msg=audit(1216640290.738:969906): avc:  denied  { read } for  
pid=3319 comm="gam_server" path="inotify" dev=inotifyfs ino=1 
scontext=system_u:object_r:unlabeled_t:s0 
tcontext=system_u:object_r:inotifyfs_t:s0 tclass=dir

 type=SYSCALL msg=audit(1216640290.738:969906): arch=c000003e syscall=0 
success=no exit=-13 a0=3 a1=23d9210 a2=400 a3=0 items=0 ppid=1 pid=3319 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
tty=(none) ses=4294967295 comm="gam_server" 
exe="/usr/libexec/gam_server" subj=system_u:object_r:unlabeled_t:s0 
key=(null)

More information about the fedora-selinux-list mailing list